General
-
Target
89d45d766eb2694ff45cd58044964870_NeikiAnalytics.exe
-
Size
1.6MB
-
Sample
240601-ctmqtsfc72
-
MD5
89d45d766eb2694ff45cd58044964870
-
SHA1
d086a6a9d539e041dd96e8cb61d0404e15c68735
-
SHA256
22f7bf186d1354cb9d48a6731b32ed9f58490c856d883744e7c794e7c682c77d
-
SHA512
055eb1dbb68b5f7948f8b11a7c310f4aa9691f5668b62fd72522ac20ad58efa172aeadedc0766e709846660c2a18402175de91b0775f5ea4fe0167d9434287b0
-
SSDEEP
24576:ECkU7ab5CK37zto/wcrbw4k3CEXjVCPnJCgwT4rSNbU/YcwpX5DWX:Ev0C8iXiLbwd3CEzVCff52NZn/DW
Behavioral task
behavioral1
Sample
89d45d766eb2694ff45cd58044964870_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
89d45d766eb2694ff45cd58044964870_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
89d45d766eb2694ff45cd58044964870_NeikiAnalytics.exe
-
Score
10/10
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Modifies WinLogon for persistence
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Scheduled Task/Job (1)